Reflected XSS on Stack Overflow

This is @newp_th. Today I want to share with you a Reflected XSS which I found in Stack Overflow.

While I was testing some other domain and doing spider activity in Burp Suite, I checked the Issues tab to see whether any issues had popped up. Suddenly I got to know Stack Overflow is vulnerable to XSS (I used the reflector extension https://github.com/elkokc/reflector). So I decided to test that domain of Stack Overflow.

Reflector extension:

Reflector is a Burp Suite extension that finds reflected XSS on a page in real time while you browse a website. Its features include:

- Highlighting of the reflection in the response tab.
- Testing which symbols are allowed in the reflection.
- Analysis of the reflection context.
- Content-Type whitelist.

When I was going through the Stack Overflow domain, I noticed a vulnerable parameter in the Cookie! I put a simple payload "></script><img src=x onerror=alert(1)> into the prov parameter.
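For the defending side, here is an added example (not part of the original post and not Stack Overflow's code) of why a cookie value reflected into a page needs context-aware encoding. It assumes the value lands inside a quoted string in an inline script block, which the shape of the payload suggests but the write-up does not state; all function names and the `opts` variable are hypothetical.

```javascript
// Added example: hypothetical template helpers, not Stack Overflow's code.
// Assumption: the cookie value lands in a quoted string in an inline <script>.

// Constructed sample input: the payload from the write-up.
const PAYLOAD = '"></script><img src=x onerror=alert(1)>';

// Split a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Vulnerable: raw concatenation lets the value close the string and the script.
function renderVulnerable(prov) {
  return '<script>var opts = {"prov": "' + prov + '"};</script>';
}

// Hardened: emit a JSON string literal, then escape the characters the HTML
// parser reacts to, so the value cannot end the script block.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderHardened(prov) {
  return '<script>var opts = {"prov": ' + escapeForInlineScript(prov) + '};</script>';
}

// True when the output holds a closing script tag besides the template's own.
function breaksOutOfScript(html) {
  const lower = html.toLowerCase();
  return lower.indexOf('</script') !== lower.lastIndexOf('</script');
}

const prov = parseCookies('theme=dark; prov=' + PAYLOAD).prov;
console.log('vulnerable breaks out:', breaksOutOfScript(renderVulnerable(prov)));
console.log('hardened breaks out:  ', breaksOutOfScript(renderHardened(prov)));
console.log(renderHardened(prov));
```

The escaped literal still evaluates to the original string in JavaScript, so application code that reads the value is unaffected.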